Exploit Report

Computer Security And Bug Information

CVE-2023-23621

CVECVE-2023-23621
CVE Title
Published Date2023-01-28T00:15Z
Modified Date2023-01-30T14:18Z
CWE TypeCWE-1333
DescriptionDiscourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches, a malicious user can cause a regular expression denial of service using a carefully crafted user agent. This issue is patched in version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches. There are no known workarounds.
References
By clicking these links you will leave this website. We do not endorse and will not be held accountable for any activity on external sites.
Reference URLhttps://github.com/discourse/discourse/security/advisories/GHSA-mrfp-54hf-jrcv
Reference DescriptionMISC https://github.com/discourse/discourse/security/advisories/GHSA-mrfp-54hf-jrcv
Reference URLhttps://github.com/discourse/discourse/commit/6d92c3cbdac431db99a450f360a3048bb3aaf458
Reference DescriptionMISC https://github.com/discourse/discourse/commit/6d92c3cbdac431db99a450f360a3048bb3aaf458
Reference URLhttps://github.com/discourse/discourse/pull/20002
Reference DescriptionMISC https://github.com/discourse/discourse/pull/20002
Sources NIST MITRE
Note
  • No CVSS data for this CVE

This site's data is aggregated programmatically and provided "as is" without any representations or warranties, express or implied. Exploit.report is not affiliated with the The MITRE Corporation, U.S. Department of Homeland Security (DHS), Cybersecurity and Infrastructure Security Agency (CISA), or US government in any way. CVE and the CVE logo are registered trademarks of The MITRE Corporation

© 2022 Exploit.Report | Data | Contact | Privacy Policy | Articles